Package: dgit
Version: 13.19~bpo13+1
Severity: normal

Hi,

As you can see in this thread from debian-boot:

  https://lists.debian.org/debian-boot/2025/12/msg00210.html

Cyril was unpleasantly surprised by the discovery that an upload I had done with
dgit had created git commits in his name that were not his doing.

I can see why they should be _somehow_ tagged as being his work, given that they
are representations of uploads he did to the archive, but I agree with him that
setting both the Author and Committer seems to overstep the mark by quite a
margin.

I'd have thought that setting at least one of those to me would have been a more
accurate recording of what happened.

Also, adding something to the commit's message stating who the original uploader
to the archive was, and that this synthetic commit representing that upload was
created by whoever ran the dgit (or git debrebase? I'm not sure exactly where
these commits came from TBH).

That would hopefully ensure that others don't get a similar unpleasant surprise
in future.

Cheers, Phil.


-- System Information:
Debian Release: 13.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable'), (100, 'trixie-fasttrack'), (99, 'unstable'), (90, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.57+deb13-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages dgit depends on:
ii  apt                        3.0.3
ii  ca-certificates            20250419
ii  coreutils                  9.7-3
ii  curl                       8.14.1-2+deb13u2
ii  devscripts                 2.25.15+deb13u1
ii  dpkg-dev                   1.22.21
ii  dput                       1.2.4
ii  git [git-core]             1:2.47.3-0+deb13u1
ii  git-buildpackage           0.9.38
ii  libdpkg-perl               1.22.21
ii  libjson-perl               4.10000-1
ii  liblist-moreutils-perl     0.430-2
ii  liblocale-gettext-perl     1.07-7+b1
ii  libtext-csv-perl           2.06-1
ii  libtext-glob-perl          0.11-3
ii  libtext-iconv-perl         1.7-8+b4
ii  libwww-curl-perl           4.17-12
ii  perl [libdigest-sha-perl]  5.40.1-6
ii  python3                    3.13.5-1

Versions of packages dgit recommends:
ii  distro-info-data             0.66+deb13u1
ii  liburi-perl                  5.30-1
ii  openssh-client [ssh-client]  1:10.0p1-7

Versions of packages dgit suggests:
ii  sbuild  0.89.3+deb13u1

-- no debconf information
